cancel
Showing results for 
Search instead for 
Did you mean: 

Neo4j: configuring the Community Edition on a cloud server: port trouble

lytellie
Node Link

So I've been really plunging into data science work and have become somewhat of an aficionado of the different types of databases. I'm personally fascinated by neo4j and particularly its recent attempts to make pitches to data scientists - I definitely think my workflow might be improved with neo4j but I need to verify. I do my coding work in cloud servers so as to keep my personal computer tidy and also to help practice for hopefully getting an AWS certification or something, which means that "install neo4j for desktop" isn't really an answer for this situation.

So, to explain the problem in simple terms: neo4j connects on two ports for the browser and the proprietary api, 7474 and 7687. Both of these ports should return some response from a browser query beyond just instant failure to connect, but that's what I get - and 7474 should be returning a login screen to the administration panel.

I've installed this on cloud Linux setups across three providers: RHEL and CentOS 7 on AWS, OpenSUSE Leap on Google Cloud, and CentOS 7 on a Linode virtual private server. The former cases I followed best practices and kept them on a private subnet only accessible through an OpenVPN ingress on a public subnet within the virtual private network, and this was effective for everything except neo4j; I can ssh and access computers inside the private subnet fine, I can ping them, and I can even use my Chrome browser on OS X (where I'm running the OpenVPN client) to access the web server configuration for OpenVPN itself. It's only neo4j that isn't working. I want to note that I also installed the Kubernetes version of neo4j community running on a minimal Debian via AWS and a self-configured Google Cloud image of neo4j that was supposed to work "out of the box." None of them did.

Above all my (highly insecure and to be removed from the Internet as soon as possible) Linode which allows direct incoming HTTP and HTTPS traffic also has precisely the same response as these cloud based solutions. Instant denial of any attempt to access the neo4j ports. Also please note I've confirmed neo4j is running, as a systemd service even, and the proper JDK is installed.

So far, I've used ufw to try to update firewall rules on the Linode which, I mean, succeeds insofar as I've updated firewall rules. I've tried this:

**ufw allow $7474**
Rule added
Rule added (v6)

Didn't change a thing. And again, this Linode is dangerously insecure as it is. It doesn't make sense to me that across 3 providers, two major security paradigms, and three different ways of installing the software, it would always fail the same way. Is anyone able to help me out?

1 ACCEPTED SOLUTION

Without a name for advertised address, you can only directly connect to IP. You might want to make sure that bolt, http, and https are enabled.

Before attempting to connect via a web-browser, try connecting via Neo4j Desktop:

  1. New Project
  2. Add Graph
  3. Connect to Remote Graph
  4. Enter DBName and URL (bolt//1.2.3.4:7687)
  5. Username/password - enter, and connect.
  6. Activate, wait, Open Browser.
dbms.default_listen_address=0.0.0.0 # Especially on AWS, the real public IP might not be an IP the VM is aware of. Just listen to all at first, before locking it in.
dbms.connector.bolt.enabled=true
dbms.connector.http.enabled=true
dbms.connector.https.enabled=true

Do you have a webserver running on this VM? If so, you'll need to configure the webserver to pass requests to Neo4j.

View solution in original post

6 REPLIES 6

Could you provide a bit more detail, like your neo4j.conf and the error you're getting?

Check how your instance is configured:

dbms.connectors.default_listen_address=[public ip]
dbms.connectors.default_advertised_address=www.yourdomain.com

Check your ports via Operations Manual - Ports
Also note that if you're connecting to the browser (7474), the default HTTPS port is 7473.

Lastly, if you're trying to connect securely, there are a number of misconfigurations that can cause trouble, especially within a VPN.

Hi there, thanks for the response!

I actually tried a number of settings in neo4j.conf. I specifically tweaked the settings you note (I didn't use a domain, since my servers are not associated with domains) but I did set the public IP as the default listen address, and made sure all the listening was commented out.

I also tried HTTPS on 7473; no luck. Again, this has persisted across multiple servers I've tried to get this up and running on, including another try at AWS Kubernetes since my last post. I'm aware of the concerns within a VPN, which is why I decided to troubleshoot with an empty database and minimal security measures on a Linode VPS (which is just a virtual server exposed to the Internet, very insecure, hence why I don't normally use them even though they're much easier to work with than cloud providers per se). I still can't connect, even then. So it's not an issue of (or at least not only an issue of) addressing the subnet within the AWS/GCloud, as the Linode has a public IP address and other ad hoc web server stuff I loaded onto it to test works fine.

I can't share the error because there is no error - it's "the web site did not respond" in Chrome. It's the same as if I were to go to wejbweirhweiuoweobweofbwi dot com or something, or an IP I completely made up.

Without a name for advertised address, you can only directly connect to IP. You might want to make sure that bolt, http, and https are enabled.

Before attempting to connect via a web-browser, try connecting via Neo4j Desktop:

  1. New Project
  2. Add Graph
  3. Connect to Remote Graph
  4. Enter DBName and URL (bolt//1.2.3.4:7687)
  5. Username/password - enter, and connect.
  6. Activate, wait, Open Browser.
dbms.default_listen_address=0.0.0.0 # Especially on AWS, the real public IP might not be an IP the VM is aware of. Just listen to all at first, before locking it in.
dbms.connector.bolt.enabled=true
dbms.connector.http.enabled=true
dbms.connector.https.enabled=true

Do you have a webserver running on this VM? If so, you'll need to configure the webserver to pass requests to Neo4j.

The VM is designed to be neo4j only. I've given up on the DigitalOcean cloud (for this; it's still hosting my applications I need to have interacting with neo4j) and moved to Google; Google outright says they only support remote access over a reverse proxy. How do I even set up a reverse proxy on Kubernetes?

GCP is impossible to work with. It took me two weeks to get a reverse proxy working, and I couldn't tell what I did.

For what it's worth, I was able to deploy as a causal cloud with an Enterprise license! I really appreciate the help!